lost-my-walletrecovery.lab
Recover →
Multisig Recovery

Multisig 2-of-3 Recovery When One Key Is Lost

Multisig wallets exist precisely because one-key loss shouldn't mean total loss. A 2-of-3 multisig wallet — where 2 of 3 keys are required to sign — survives the loss of any single key. If you've lost one of three keys, your funds are still recoverable using the remaining two. This guide explains how multisig works at the protocol level, the practical steps for a 2-of-3 recovery, and the common mistakes that turn a recoverable situation into a permanent loss.

How multisig actually works

Multisig (m-of-n) is a Bitcoin scripting feature where m signatures from a group of n public keys are required to spend funds. The most common configurations: 2-of-3 (typical individual / small business) and 3-of-5 (institutional / family wealth).

When you create a multisig wallet, you generate n separate seed phrases (one per key) and combine the corresponding public keys into a multisig script. Funds sent to this script can only be spent when m of the n private keys sign a transaction. Each key is independent — losing one doesn't affect the others.

Critically: the multisig script (the public-key combination) is enough to receive funds and check balances. You don't need any private keys to monitor a multisig address. You only need m private keys to spend.

Multisig advantage

The whole point of multisig is fault tolerance. A 2-of-3 wallet is designed to survive losing 1 key without losing access. Don't panic — just execute the recovery correctly.

Step 1 — Confirm what you actually have

Before any recovery action, confirm your remaining material. You need: (a) the multisig script (xpub combination) — usually stored in a wallet config file, hardware wallet device, or backup card; (b) the remaining 2 private keys (seed phrases or hardware devices).

Common mistakes at this stage: confusing 'I have the seed phrase for one key' with 'I have access to the wallet' (you need 2 of 3 to spend, not 1). Verify each remaining seed phrase still works by importing into a fresh wallet and checking it derives the expected addresses.

If you discover you actually only have 1 of 3 keys still accessible, the situation is fundamentally different — 2-of-3 with 1 key isn't recoverable. The threshold isn't met.

Step 2 — Reconstruct the wallet in a multisig coordinator

You'll need software that supports multisig: Sparrow Wallet (Bitcoin), Specter Desktop, Electrum (multisig mode), Caravan, or a hardware-wallet-specific multisig coordinator (Ledger Multisig, Trezor multisig).

Import the multisig script: provide the n=3 xpubs (public keys for each key). Two of these come from your remaining hardware wallets / seed phrases. The third — for the lost key — comes from your wallet config backup. If you don't have the lost key's xpub, you cannot reconstruct the wallet at all.

Once the wallet is loaded, you'll see your full balance and transaction history. The wallet recognises you have 2 of 3 keys, which is the spending threshold.

Step 3 — Sign and broadcast a transaction

To move funds (this is the actual recovery), construct a transaction sending all balance to a new wallet you fully control. Ideally a new 2-of-3 multisig with fresh keys you've just generated, but a single-sig wallet works too if the urgency is greater than the security loss.

Each of the 2 remaining keys signs the transaction independently. With hardware wallets this is sign-and-pass-PSBT (Partially Signed Bitcoin Transaction) workflow: device 1 signs, you save the signed PSBT, device 2 signs, the doubly-signed PSBT is broadcast.

After broadcast and confirmation, the funds are at the new wallet. The old multisig wallet is empty — the lost key is no longer relevant because the funds aren't there anymore.

Step 4 — Set up new multisig with proper backups

Don't reuse a multisig setup where you've already lost a key. The remaining keys could fail or be compromised, and you'd be in the same situation again with one fewer recovery option.

Best practice for a fresh multisig setup: distinct hardware wallet vendors for each key (Ledger + Trezor + Coldcard, for example) — this protects against vendor-specific bugs or supply-chain attacks. Geographically separated key storage (home safe + bank deposit box + family member). Documented seed-phrase backups (steel plates ideal) for every key.

Test recovery quarterly. The whole point of multisig is fault tolerance, but it only works if you can actually execute the recovery when needed. Practice runs catch documentation errors before they become emergencies.

Common recovery mistakes

Trying to 'recover' the lost key via password recovery services. The lost key isn't password-protected — it's gone (lost device, destroyed seed phrase). Recovery services can't help with 'I dropped my Trezor in the ocean'. The multisig design specifically allows you to ignore the lost key.

Sending funds to the same destination as the multisig before completing the spend. Funds at the multisig address require 2 signatures to move; sending more funds there compounds the problem if you lose another key.

Using a paper wallet generator on an internet-connected machine for the new multisig keys. Always use offline tools for cryptographic operations. Air-gapped computers, hardware wallets, or paper-only workflows.

Not verifying the destination address character-by-character. Multisig recovery transactions move all funds — a typo in the destination is permanent loss. Use receive-side verification on a hardware wallet for the destination address.

What if you lost 2 of 3 in a 2-of-3 wallet?

Then the threshold isn't met and the funds are not recoverable through the multisig protocol. Some alternatives to investigate before accepting loss:

Were there any backups of the lost keys (steel plates, bank deposit box, family member's safe)? Multisig setups are typically created with backup discipline — check thoroughly.

Was one of the keys passphrase-protected? Some hardware wallets (Trezor, Ledger) support 25th-word passphrases. The 'lost' key might just be lost behind a forgotten passphrase, which is potentially recoverable.

If genuinely 2 of 3 keys are gone with no backups, the funds are inaccessible. The multisig design doesn't provide recovery beyond its threshold — that's the security trade-off.

2-of-3 multisig recovery flow

  1. 1

    Inventory remaining material

    Confirm 2 working keys + multisig script (xpubs).

  2. 2

    Load wallet in coordinator

    Import xpubs into Sparrow / Specter / Electrum multisig mode.

  3. 3

    Verify balance and addresses

    Confirm wallet shows expected balance — this validates xpubs are correct.

  4. 4

    Construct sweep transaction

    Send all funds to a new wallet you fully control.

  5. 5

    Sign with 2 keys (PSBT workflow)

    Sign on each device, combine, broadcast. Lost key is irrelevant.

  6. 6

    Set up fresh multisig with proper backups

    Don't reuse compromised multisig. Generate new keys with distinct hardware vendors.

Frequently Asked Questions

Can a recovery service help with multisig?
Only if the issue is a forgotten password / passphrase on one of the remaining keys. They can't recover a genuinely lost key (broken device, destroyed seed). Multisig is designed for that case — use the 2 working keys directly.
What if I don't have the multisig script anymore?
Without xpubs of all 3 keys, the wallet can't be reconstructed. This is why backing up the wallet config (containing xpubs) is as important as backing up seed phrases.
Can I add a new key to existing multisig to replace the lost one?
No — multisig scripts are fixed at wallet creation. To 'replace' a key, you must move funds to a new wallet with a fresh multisig setup. The old wallet remains accessible only with the original key set.
Is 2-of-3 better than 3-of-5?
2-of-3 is more convenient (only 2 signatures needed) and more recoverable (2 surviving keys is enough). 3-of-5 is more attack-resistant (need to compromise 3 keys vs 2) and more fault-tolerant (survives loss of 2 keys). Choose based on threat model.
What about Shamir Secret Sharing as an alternative?
SSS splits a single seed into n shares with m-of-n recovery. Different security model — funds are at one address (vs multisig's threshold-script). SSS is great for personal redundancy; multisig is better for collaborative custody.
How do hardware wallets coordinate multisig?
Each device signs independently and produces a partial signature (PSBT format). The coordinator software (Sparrow, Specter) combines partial signatures into the final transaction. Devices never share private keys with each other.

Wallet recovery — free analysis

Forgotten password / passphrase / partial seed — run a free analysis to assess feasibility before any payment.

Run Free Analysis

Related Reading

Hardware Wallet RecoveryBIP39 Passphrase (25th Word)Multisig Wallet RecoveryBitcoin Core wallet.dat